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(57) ABSTRACT 

An electronic signature management system includes a 
graphic tablet digitizer for signaling position coordinates of 
a stylus being moved to produce a handwritten signature, a 
clock circuit of the digitizer denning a fixed interval 
between successive stylus position measurements, a com- 
puter processor electrically interfaced with the tablet and 
programmed for receiving and storing a multiplicity of the 
coordinates in sequential order as an electronic signature 
forming a time history of the stylus movement. The com- 
puter is aJso programmed for verifying the fixed time 
intervals of the measurements, such as by comparing a ratio 
of total elapsed time and total number of the measurements 
with a standard measurement interval, and for comparing the 
electronic signature with a reference signature, such as by 
feeding a stored reference signature counterpart and the 
electronic signature into a cross-correlator for evaluating a 
degree of correspondence between respective time histories 
of the electronic signature and the reference signature. The 
signatures can also be compared visually in a simultaneous 
display wherein respective pointers follow the signatures 
orthogonally in response to an operator-controlled slider, 
with pertinent data corresponding to the pointer positions 
being displayed. The electronic signature is preferably 
encrypted using a hash function or message digest of the 
document as a key. Also disclosed are methods for elec- 
tronically signing a document, wherein the electronic sig- 
nature is electronically bound to the document, wherein the 
electronic signature is encrypted using a key derived from 
the document and not saved, and methods for decrypting and 
verifying electronic signatures. 

33 Claims, 3 Drawing Sheets 
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ELECTRONIC SIGNATURE MANAGEMENT forgery, and easy to use, and that otherwise overcomes the 

SYSTEM disadvantages of the prior art. 

BACKGROUND SUMMARY 

The present invention relates to document authentication, 5 ^ presem mvention meets this need by providing a 

and more particularly to the utilization of handwritten sig- system for the electronic capture of signatures, the binding 

natures in connection with electronically stored, transmitted, of ^ signature to a document or data, and means for 

and retrieved data and documents. compression and storage of the signatures. The invention 

Handwritten pen-on-paper signatures have been the basis further p rovide gmeans for authentication after theTfact ofthe 

of contracts in commerce for hundreds of years, for a variety 10 signamre by a jialne^ Thus the 

of reasons, including: systeln^comblnel^e effe ctive ness- of time-proven pen-oji? 

1. The signature and documents are one in the same, being paper methodsof commerce v^tlTuie^fficie^cy of aiitoma tic 
forever bound together by the ink being on the paper; cwnputoj)p^afon~s7'^^ for the signer 

2. The identity of the signer can be verified after the fact takeepjij^ipj;pf_|pjt^ 

by a trained forensic document examiner who is skilled 15 a^pXieate;origm^-representation7^ 

in the art and science of signature character analysis, In one aspect of the invention, the system includes a 

and who can testify, be qualified, and be cross- graphic tablet for signaling position coordinates of a stylus 

examined in a court of law; and during manual movement thereof relative to a writing sur- 

3. The signer can keep a copy or duplicate original of the 20 face; a clock circuit for periodically initiating position 
contract to deter fraud. measurements by the graphic tablet at predetermined fixed 

In the continuing development of electronic document time intervals; a first computer processor electrically inter- 
storage and retrieval, a recognized need is inclusion of faced with the tablet, the processor being programmed for 
legally effective signatures for creating legally binding elec- receiving a multiplicity of the coordinates during the manual 
tronic records. Early systems addressing this need utilized a ^ movement of the stylus, and storing respective sets of the 
simple image of a signature (such as a bit map) being affixed coordinates in sequential order as an electronic signature 
to a document as a picture of a signature. This approach had while preserving a time relation between coordinates, the 
the disadvantage that the bit map image of the signature is electronic signature forming a time history of the stylus 
difficult to verify as being directly from the hand of the movement; and means for verifying the fixed time intervals 
signer, in that little if any dynamic data is present. Also, an 30 of the measurements. The system can further include means 
image of a signature can easily be scanned from an existing for comparing the electronic signature with a reference 
document or record and improperly inserted into a document signature, such as by including reference memory for storing 
as a forgery. 10 electronic counterpart of the reference signature, and a 

Later systems included computer algorithms for verifying cross-correlator for evaluating a degree of correspondence 

a signature prior to the user being able to sign an electronic 35 between respective time histories of the electronic signature 

document. Problems with this method include the need to and the electronic counterpart ofthe reference signature. The 

enrol the signer into an electronic verification unit of the reference memory can be electronically interfaced with the 

system prior to use, the potential for errors in the verification first computer processor. Also, or in the alternative, the 

algorithm, and the inability to demonstrate the accuracy of means for comparing can be implemented as a parallel 

verification of a signature to a layperson or in a court of law. 40 display of the electronic and reference signatures, each 

Further, the signatures are typically not transportable to having a cursor positioned along and perpendicular to a line 

systems having different algorithms without loss of data segment thereof and being movable along the signature ion 

precision. response to operator input. 

U.S. Pat. No. 5,544,255 to Smithies et al. Discloses a The electronic signature can have associated therewith a 

computer-based system for capturing and verifying a hand- 45 date and time of the handwritten signature. The electronic 

written signature of an electronically stored document by signature can have further associated therewith an annota- 

cap turing the signature and storing a set of statistical mea- tion including at least one of a geographic location, a 

surements in a signature envelope that can contain a check- physical address, and an identification string. The first 

sum of the document. The measurements can include shape, computer processor can be a digital processor, the electronic 

number of pen strokes, total line length, average stroke 50 signature being a digital signature. 

length, number of acceleration and deceleration maxima The graphic tablet can include the clock circuit. Prefer- 

events, the overall time taken to complete the signature, and ably the time intervals are not greater than 20 milliseconds, 

the pen down time. The system can also contain a database More preferably, the time interyals_ar e between 2 mill isec- 

of known signature measurement templates to be compared 0 nds and 3 milliseconds. The^means for verif ying the^time- 

with a submitted signature to produce a similarity score. The 5S m tervals-can-wclude^ for/ 

system if Smithies at al. is not entirely satisfactory; for /^etexmimng^r^tio^ 

example: menjts^ancyiat^^ and com- j 

1. The signature envelopes cannot be verified by a foren- sparing the ratio with Jhe_pjedetermined-interval./ 
sic document examiner using traditional methods; AlternativelyTthe clock circuit has a certified unalterable 

2. The signature envelopes are not readily transportable to 60 time interval, the tablet being implemented for transmitting 
future systems, being based on arbitrary measurement an encoded certification stamp with the coordinate data, and 
statistics of the handwritten signatures; and the computer can be programmed for decoding the certifi- 

3. The signature envelopes are ineffective to the extent cation stamp to verify use of the certified time interval, 
that they omit information originally contained in the The computer can be further programmed for encrypting 
handwritten signature itself. 65 the time history to a fixed key of arbitrary length, the stored 

Thus there is a need for an electronic document signature electronic signature being in encrypted form. Preferably the 

system that is effective, reliable, easily verifiable, resistant to computer is programmed for generating the key as a cryp- 
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tographic hash function or message digest of the document. 
Hereafter, the term "cryptographic hash function" is used 
interchangeably with "message digest" notwithstanding 
technical differences therebetween. 

In another aspect of the invention, a method for electroni- 
cally signing a document includes the steps of: 

(a) progressively capturing a handwritten signature as an 
ordered sequence of data corresponding to successive 
coordinates and corresponding timing of stylus move- 
ment producing the signature; 

(b) storing the data as an electronic signature; and 

(c) electronically binding the electronic signature to a 
stored counterpart of the document. 

The step of binding can include the further steps of: 

(a) creating an encryption key by generating a crypto- 
graphic hash function of the stored counterpart of the 
document; and 

(b) encrypting the electronic signature to the encryption 
key. 

The method can include the further steps of identifying 
stored instances of the encryption key and erasing each such 
instance. 

In a further aspect of the invention, a method for elec- 
tronically signing a document includes the steps of: 

(a) capturing a handwritten signature as a sequence of 
data corresponding to coordinates of stylus movement 
producing the signature; 

(b) storing the data as an electronic signature; 

(c) creating an encryption key by generating a crypto- 
graphic hash function of a stored counterpart of the 
document; 

(d) encrypting the electronic signature to the encryption 
key, thereby electronically binding the electronic sig- 
nature to a stored counterpart of the document; 

(e) identifying stored instances of the encryption key; and 

(f) erasing each stored instance of the encryption key. 
The step of storing can include the further steps of: 

(a) encrypting the sequence of data to a fixed key of 
arbitrary length; and 

(b) storing the encrypted sequence as the electronic sig- 
nature. 

The step of storing can include the further steps of: 

(a) determining a date and time at which the handwritten 
signature was produced; and 

(b) including counterparts of the date and time with the 
electronic signature. 

The step of storing can include the further steps of: 

(a) determining a set of document data associated with the 
document; 

(b) generating a cryptographic hash data string of arbi- 
trary length from the document data; and 

(c) encrypting the electronic signature using the crypto- 
graphic hash data string. 

The method can include the further step of electronically 
tying the encrypted signature to the stored counterpart of the 
document using a device selected from the set consisting of 
forming a linked directory structure, forming a database, 
forming a compressed file, and forming a common digital 
signature packet. 

In still a further aspect of the invention, a method for 
decrypting a signature having been encrypted by the above 
method to facilitate authentication of the binding includes 
the further steps of: 

(a) creating a counterpart of the encryption key by gen- 
erating another cryptographic hash function of the 
stored counterpart of the document; 
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(b) decrypting the electronic signature using the encryp- 
tion key, thereby electronically binding the electronic 
signature to a stored counterpart of the document; 

(c) identifying stored instances of the encryption key; and 

(d) erasing each stored instance of the encryption key. 
In yet another aspect of the invention, a method for 

electronically signing a document includes the steps of: 

(a) capturing a handwritten signature as a sequence of 
data corresponding to coordinates of stylus movement 
producing the signature; 

(b) storing the data as an electronic signature; 

(c) creating a signature receipt as a cryptographic hash 
function of the electronic signature; 

(d) creating a document receipt as a cryptographic hash 
function of a stored counterpart of the document; and 

(e) producing counterparts of the signature and document 
receipts. 

Preferably the method includes the additional steps of: 

(e) embedding the signature receipt into the document; 
and 

(f) embedding the document receipt into the electronic 
signature, thereby to form a cross-linked binding of the 
signature with the document. 

The method can include the further steps of: 

(a) providing a transportable file medium; 

(b) copying counterparts of the document receipt and the 
signature receipt on the file medium; and 

(c) delivering the file medium having the receipt coun- 
terparts to a signer of the document. 

In yet another aspect of the invention, a method for 
verifying the signature of an electronically signed a docu- 
ment having associated therewith an electronic signature 
being a stored sequence of data corresponding to coordinates 
of stylus movement producing a first handwritten signature 
includes the following steps: 

(a) capturing a second electronic signature as a stored 
sequence of data corresponding to coordinates of stylus 
movement producing second handwritten signature; 

(b) simultaneously displaying in locational proximity 
graphic counterparts of the first and second electronic 
signatures; 

(c) displaying, for each of the graphic counterparts, a 
cursor being positioned along a line segment of the 
signature and oriented perpendicular to the line seg- 
ment; and 

(d) for each of the graphic counterparts, moving the cursor 
relative to the signature in response to operator input. 

The method can include for each of the graphic counter- 
parts the further steps of: 

(a) determining at least one measurement parameter rela- 
tive to the line segment at which the cursor is located; 
and 

(b) displaying a digital representation of the parameter. 
The at least one measurement parameter can be selected 

from the group consisting of a point number, a stroke 
number, an acceleration value, and a pressure value. 

DRAWINGS 

These and other features, aspects, and advantages of the 
present invention will become better understood with refer- 
ence to the following description, appended claims, and 
accompanying drawings, where: 

FIG. 1 is a pictorial block diagram of an electronic 
signature management system according to the present 
invention; 
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FIG. 2 is a flow chart of a computer process for document absolute be'ihg with^respect to an-origm"reference-qf the 

signature capture, binding and storage using the system of cteblet'24'r^ativeJbjeipg /wi'tB re spect _To_ a starting point of a 
FIG. 1; /signature, andmcremenjyj^in^^^ 

FIG. 3 is a flow chart of a computer process for retrieving dmtejpoafori^^^ 

a document having an electronic signature using the system 5 SuBilarlyrmepe^ 

of FIG 1* ar^olute, Tela^ey o^mcremental form, relative being with 

— _ * , • respect to eith^_a^tm'eshdld-pressure-or-an-initial-pen 

FIG. 4 is a signature authentication comparison screen ^zfr^r— — r r 

pressure f 

diagram of the system of FIG. 1; and ^r~ c ' . * ... ... 

. _ , , . „ In further accordance with the present invention, the 

HG. 5 is a flow chart showing an alternative configuration 1Q computer n Qas a managcmcnt program 30 m the 

of the process of FIG. 2. memory 20 as described below in connection with FIG. 2. 

DESCRIPTION The computer 12 is also implemented for electronic storage/ 

(and retrieval of document files 32'in any suitable manner, 
The present invention is directed to a computer-based such as by having an installed wofd processor 34,~which can 
signature management system that is particularly effective, 15 be a conventional commercially available program. It will 
reliable, and resistant to forgery, and that permits verifica- De understood that the signature management program 30 
tion of electronic signatures by traditional methods. With can De ope rated as a macro of the word processor 34; the 
reference to FIGS. 1-4 of the drawings, a signature man- word processor program 30 can be invokedunder the control 
agement system 10 includes a computer 12 having an of the s i gna ture management program 30; and/or the word 
operator interface 14 including a screen display 16, a key- 20 proC essor 34 can be combined with the signature manage- 
board 17, and apointing .device or mouse 18. The computer ment program 30 as a unified program, as desired, using 
12 also includes.a.memory 20rand a device interface 22 that conventional programming devices. Also, as used herein, the 
is suitably connected to a pen tablet 24 for capturing a document files 32 are electronically stored counterparts of 
handwritten signature 25 using a stylus 26. The memory 20 actua j documents being printable by a printer 36 being 
typically includes volatile random access memory (RAM) 25 connected to a printer port 37 of the computer 12 and driven 
and non-volatile memory such as read-only memory (ROM) as controlled by the word processor 34. Typically, the 
and random access disk memory. As used herein, storage in document files 32 contain digital codes of characters to be 
non-volatile memory can mcludejemporary storage in vola- printed by the printer 37. Alternatively, .the.document files 
tile memory. According to^the .presenUnyention, Jhe peji 32 can contain data codes defining agraphical representation 
tableL24.is implemented for periodically Jransnritting peji 30 of actual documents, as either pixels, vectors, or any com- 
position coordinates such as x-, y-, and z-axis dataJo the bination of pixels, vectors, and characters. Thus, the docu- 
computer 12/the coordinate^data-representing-precise inter- mcnt mcs 32 are sometimes referred to herein as documents 
<vab in ^progression of the ^signature from its'inception4o 32. The substantive content of the document files 32 can 
completion-and b^g^pjed^by me computer 12 as$a define ^ C[ltire electronic document, a collection of docu- 
f dynamic signature capture file 28~in the^memory 20? An 35 ment data indexed in a database, a few characters and data 
exemplary and preferred implementation of the pen tablet 24 representing a sales transaction, and many other possible 
C includes a clock circuit 29 for ^ initiating measurements*5f the forms to be authenticated or approved by signatures as 
coordinates at predetermined fixed internals. It will be described herein, 
understood that the coordinate data can be transmitted C^pu^efiln^iS^^^Storlge 

immediately as measurements are completed; alternatively, 40 Witn particular reference to FIG. 2, the signature man- 
data can be accumulated and transmitted in one or more agement program 30 controls a document signing process 40 
batches, either spontaneously or upon interrogation by the as described herein. First a selected document 32 is gener- 
computer 12. Verification of the time intervals can be by the ate d m a preparation step 42 and presented to the signer for 
clock circuit 29 can be a certified device having an unalter- review in a presentation step 44. Typically, the generation 
able time interval, the pen tablet 24 being implemented to 45 ^d presentation steps 42 and 44 are implemented at least in 
transmit an e^oa^d]certification stampvwith the coordinate parl by usmg tne operator interface 14 and the word pro- 
data, such as by a pseudo-random data stream being imbed- ccssor 34 Next> a tcst document step 46 is entered for 
ded within serial data being received from the tablet 24 determining acceptance or rejection of the document 32. 
during capture of the handwritten signature. The computer 0 nce the document is accepted by the signer, the document 
12 is correspondingly programmed for decoding the certi- 50 flle 32 jg f r0Z en or otherwise protected from further alter- 
fication stamp, successful decoding thus verifying use ofthe ation except as described herein in a lock step 48. The lock 
certified clock circuit29. Alternatively, the computer can be step 43 can be implemented by maintaining the document 
programmed^ flle 32 in an open condition in subsequent steps of the 
^ 'of _ the measurements and: "a^to.tal_njumb^ej 2?J"^ process 40. 
'^/measure^^ 55 The document file 32 is next processed by a hashing 

Qm^eo^i^ryaF function in a generate signature key step SO to create a 

Also, a counterpart of the clock circuit 29 can be imple- unique encryption "key" to be used to encrypt the handwrit- 

mented in association with the device interface 22, or other ten signature 25. The signature 25 is then captured in a 

suitable means for obtaining precise sampling intervals.^By capture signature step 52, preferably in such a way as to 

^^tffi^th~esignature~25 at regular Jnte^^^^iometeic"dMa 60 preserve its biometric properties as described above. These 

C including the seqWnce^of pen strokes and ^predseltiming properties-mclude-me'starting^^ each 7 

^pfall . of the elements, of the^gnature are^jres^ryeU Written stroke along wuYuic^xactJ^^ oi the^ignature 

The z-axis data can be simply a single-bit binary repre- ^stroke and the velocity of each segment inthe stroke, and 

< sentation of a pen-up or pen-down condition or, if desired, bptionally^the-pressiire-apptiedto the-pen tip at each point 7 

a multiple-bit representation of pen pressure for preserving 65 dbnglthe stroke. The velocity data is derived by sampling 

further biometric data of the signature 25. The x- andy-axis the position of the pen by means of the pen tablet 24 which 

data can .be^ in^ absolute, , relative, or incremental form, samples the pen position at a preset and highly accurate 
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timing interval. This data is formatted into the dynamic signature from the signed^ocume^t fite_ mat was previously 

signature file which preserves the data precisely and pref- loaded^and an" unlock document step 65 extracts the docu- 

erably„adds into U3e:data.me;time:and:date~.mat-t^ ment from the same signed document file. Finally, a test 

wasTcaptured-and-a^texroranro document step 66 performs a comparison of the text of the 

^circumstances of the signing. Since the signature data is to 5 document as extracted from the signed document file with 

be encr^teTi"a^"tamper-proof, the time and date annota- the document as previously saved. The signature and/or the 

tions can be reviewed at a later date as additional evidence verified document is then delivered in any desired form in an 

to indicate the validity of the signature by confirming the output step 68. The authenticity of the retrieved signature is 

location of the signer at the captured time and date. confirmed by identity of the document as extracted from the 

Next, a signature test step 53 is entered for determining 10 signed document file with the document as originally stored; 

acceptance or rejection of the signature 25. For example, the otherwise, the process is aborted for lack of correspondence 

signer can view a graphical display of the signature on the between the signed document and the original document, 

screen display 16, signaling by the keyboard 17 and/or the This process of the present invention is intrinsically reliable 

mouse 18 acceptance or rejection thereof, and the capture in that if the original document is absent, then a correct key 

file 28 can be compared with previously obtained signatures 15 cannot be derived in order to properly de-crypt the signature, 

of the signer that may have been stored in a database 38 that Also, if the original signature is missing, the key derived 

is associated with the signature management program 30 for from the correct document cannot be used to unlock a 

sufficient correlation. Once the signature is accepted, signature that was not originally encrypted from it. With the 

receipts of the document and the signature are printed for presence of both the original document and signature, both 

delivery to the signer in a print receipt step 54. Thus when 20 can be displayed and printed as the original, 

the signature is captured, unique document and signature -Afithenticatidn 

receipts typically consisting of between 8 and 40 characters Authentication after the fact by a forensic document 

arc generated and can be provided to the signer as a unique examiner is a powerful feature of the present invention that 

representation of both the document and the signature. The permits the same infrastructure, experts and legal weight to 

receipts can be printed separately or together on a single 25 be applied to electronic contracts and signatures that are 

page. Also, the capture file 28 is encrypted in a signature currently applied to paper documents, contracts and signa- 

encryption step 56 for producing an encrypted signature 39, tures. With reference to FIG. 4, an authentication screen 70 

using the signature key previously obtained in the generate that is produced by the signature management program 30 

signature key step 52. An important feature of the encryption on the scr een dis play 16 permitsat least two signa ture s to^tfe' 

step 56 is that the signature key is not retained following use 30 compared-on~a^com|pe^ 

thereof to create the encrypted signature 39. Accordingly, all under, jDVefrand-under-being-shown m FIG. ~4f respectively 

counterparts of the signature key are preferably overwritten as first and^ second signature displays 25A and 25B.^If/ y/ 

to positively preclude unauthorized uses thereof. pressure data~is-recorded-in the biometric-capture-file 28, ~y 

FIG. 1 shows the encrypted signature 39 being saved in then the^o^playell^irreT^ dth can be modul ated c orrespoffd- V J) 

the (non- volatile) memory 20 of the computer 12, it being 35 -ing^to variations- in-the pressure ^grejto^pressuit^eing^ 

understood that temporary maintenance in volatile RAM is ^represente^by-increliseli^ Alternatively, the line 

also within the scope of the present invention. Since the key widm yJ represenIs pen velocity. Also, both pressure ^and: 

for encryption is derived directly and uniquely from the velocity can be indicated by the pen^eloeity dataxan'being 

document, a powerful link exists between the two. If the .dLsplayecTajs^ 

document is tampered with or changed in any way, a key 40 ^b^eliness, -higher \ \ 

derived from the data will also have changed and the key bKene^Further, the pressure and velocity indications can ^ 

will therefore be unable to properly decode the signature be interchanged, with lower pressure represented by 

data. The signature data cannot be displayed or printed in the increased line width. 

event of such tampering. In addition, the screen 70 includes for each of the signa- 

Finally, the encrypted signature is stored in association 45 tures - a inova^le ppinter_72 for indicating selected elements 

with the document in a save document with signature step of the respective signatures, each pointer 72 being posi- 

57, thereby binding the signature to the document. This is tioned in response to a movable (graphically represented) 

accomplished in any suitable manner, including conven- slider 74, the sliders 74 being conventional devices com- 

tional hierarchical database linkage, zip file creation, or monly operated by the mouse 18 or other pointing device of 

encapsulation within a digital signature. 50 the user interface 14, The end points of slider movement 

Accordingly, the present invention provides a secure correspond to beginning and endpoint data of the signatures 

combination of document and bound signature of the docu- 25. The signature management program 30 locates each 

ment. The signature data has stored within it several bio- pointer 72 on the corresponding signature display 25A or 

metric properties that can be examined at a later date for 25B at a point corresponding to the position of the slider 74, 

authenticity by a forensic document examiner. Preferably-all 55 and oriented orthogonally to the displayed line direction at 

of the biometric properties-available from the pen tablet 24 that point. More particularly, the signature 25 is displayed as 

are retained^ such as-by retaining each set of the x-, y-7"and a series of line segments connecting successive data points, 
z-coordinates^frqm the tabic r24 ih~the^ e^cr^ted signature— the orthogonality being with respect to a particular line 

filer^~~~ " ~~ ~ segment being pointed to by the cursor 72. It will be 

^Retrieval./ 60 understood that the cursor 72 can be implemented pointing 

y FIG. 3 shows a procedure 60 for retrieving the signed to midpoints or end points of successive line segments with 

document, which requires the presence of both the original the same visual effect at normal magnifications. In the case 

document and the original signature. The procedure 60 of pointing to end points, orthogonality can be with respect 

includes a load signed document step 62 and a load original to the line segment previously traversed or to the next 

document step 63, followed by a counterpart of the generate 65 segment. Thus the slider 74 is used in conjunction with the 

signature key step 50 for again obtaining the signature key. cursor 72 to select locations along the signature for particu- 

Next, an unlock signature step 64 extr acts the ^electronic lar reference. Preferably the screen 70 is further imple- 
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mented for displaying metrics of the signature 25 in corre- 
sponding to the location of the cursor 72. Representative 
metrics to be displayed are shown in FIG. 3 as point number 
80, pen stroke number 82, acceleration 84, and pressure 86. 
Instantaneous velocity can be included additionally or as an 
alternative to acceleration. 
Signature Authentication Tools 

A forensic document examiner can use several categories 
of information to compare and authenticate signatures, as 
presented in the following Table with corresponding sup- 
porting electronic data: 



TABLE I 



Characteristic 


Electronic Data Available 


1. Stroke Sequence: Shows, 


The exact sequence of each 


for example, whether loops 


signature is reproducible 


are clockwise or 


using the slider bug to 


counterclockwise. 


precisely trace out the 




recorded signature 




sequence 


2. Pace of Signature: 


The total elapsed time of 


Indicates the overall pace 


a signature is represented 


from beginning to end and 


by the total number of 


the pace around each loop. 


points. The velocity 




within loops is indicated 




by the modulated display 




line width and displayed 




numerically for the 




pointer position. 


3. Signature Receipt: 


The signature receipt 


Indicates lack of 


value is displayed and can 


tampering. 


be compared to the hard- 




copy receipt value in the 




possession of the signer 




from the time of original 




signature. 



Document and Signature Receipts 

The document and signature receipts produced in the 
document signing process 40 of FIG. 2 are particularly 
effective anti- tampering counterparts of conventional pen- 
on-paper signature, in that the signer or signers are allowed 
to keep their own original copies of the document and 
signature. If a clever and experienced forger is able to 
tamper with one copy, there is always a second copy in a 
second location to use for comparison and fraud detection. 
The electronic document and signature receipts provide this 
same protection requiring only the recording of simple 8 or 
higher digit receipts reflecting the exact content of a docu- 
ment or signature. If the contract is ever disputed, the signer 
can bring his print out of the document and signature 
receipts to a legal proceeding and require that the electronic 
document and signature receipts be compared to those which 
are inherent in the original electronic documents. The holder 
of the electronic documents can then further protect its 
position by providing signature and document receipts to the 
signer printed on special bond paper and/or with a signature 
from their representative affixed thereto. 

Digital signatures can be used to increase the securing and 
effectiveness of electronic biometric signatures, documents, 
and receipts. For example, the signature and document 
receipts can be e-mailed or otherwise provided to the signer 
of a document via encapsulation in a digital signature. In this 
way, if the signature or document is disputed, the signer can 
demonstrate that the receipt he has in his possession is 
indeed an original receipt and that it has not been tampered 
with or altered. It is also useful to encapsulate both the 
original document and the linked biometric signature file 
into a digitally transmitted message encrypted to a digital 
signature. The benefit of the digital signature is that it 
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validates the agent or workstation who transmitted the data, 
where the electronic, biometric signature is validating the 
agreement to a contract and the biometrically traceable 
identity of an individual person. 

5 With further reference to FIG. 5, an alternative configu- 
ration of the document signing method, designated 40', 
includes, following the signature encryption step 56, cross- 
linking the document and signature receipts with the signa- 
ture and document, respectively. More particularly, the sig- 

10 nature receipt is combined with the document 32 in an 
embed signature receipt in document step 90, and the 
document receipt is combined with the encrypted signature 
39 in an embed document receipt in signature step 92, prior 
to the save document with signature step 57, thereby form- 

15 ing a cross-linked binding of the signature with the docu- 
ment. 

The present invention thus provides a system and method 
for the#eapture^transTnisl;ic^^ 
.auth enticate 

20 focuments. The system retains many recognized advantages 
of traditional paper and pen-based authentication systems 
that have been successful for hundreds of hears, while 
providing significant new benefits. For example: 

1. The signature is by hand and incorporates by biometric 
25 data the identify of a human being; 

2. The signature and document/data are bound together as 
a single entity; 

3. A receipt is provided to the signer(s) with a unique link 
referencing the document and the signature; 

4. The signature can be verified after the fact by a forensic 
document examiner using software comparison tools, 
time and date information, and comparison of receipts 
of the electronic document to the receipts stored inde- 

35 pendently by the signers; 

5. Security is enhanced by transmission of documents, 
signatures, and receipts using digital signature encryp- 
tion in a manner corresponding to mailing a sealed 
copy to oneself through the Post Office and keeping the 

40 envelope sealed. 

Although the present invention has been described in 
considerable detail with reference to certain preferred ver- 
sions thereof, other versions are possible. Therefore, the 
spirit and scope of the appended claims should not neces- 
45 sarily be limited to the description of the preferred versions 
contained herein. 
What is claimed is: 

1. A system for managing handwritten signatures, com- 
prising: 

50 ( a ) a graphic tablet for signaling position coordinates of a 
stylus during manual movement thereof relative to a 
writing surface; 

(b) a clock circuit for periodically initiating position 
measurements by the graphic tablet at predetermined 

55 fixed time intervals; 

(c) a first computer processor electrically interfaced with 
the tablet, the processor being programmed for receiv- 
ing a multiplicity of the coordinates during the manual 
movement of the stylus, and storing respective sets of 

60 the coordinates in sequential order as an electronic 
signature while preserving a time relation between 
coordinates, the electronic signature forming a time 
history of the stylus movement; and 

(d) means for comparing the electronic signature with a 
65 reference signature, comprising the computer processor 

having a graphic display implemented for simulta- 
neously displaying the electronic signature and the 
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reference signature with corresponding cursors being 
positioned along a line segment of the signature and 
oriented perpendicular to the line segment, and the 
computer being further implemented for moving the 
cursors in response to operator input 5 

2. The system of claim 1, wherein the means for com- 
paring further comprises reference memory for storing an 
electronic counterpart of the reference signature, and a 
cross-correlator for evaluating a degree of correspondence 
between respective time histories of the electronic signature 
and the electronic counterpart of the reference signature. 

3. The system of claim 2, wherein the reference memory 
is electronically interfaced with the first computer processor. 

4. The system of claim 1, wherein the electronic signature 
has associated therewith a date and time of the handwritten ^ 
signature. 

5. The system of claim 4, wherein the electronic signature 
has further associated therewith an annotation including at 
least one of a geographic location, a physical address, and an 
identification string. 2Q 

6. The system of claim 1, wherein the first computer 
processor is a digital processor, and the electronic signature 
is a digital signature. 

7. The system of claim 1, wherein the computer is further 
programmed for encrypting the time history to a fixed key of 
arbitrary length, the stored electronic signature being in 
encrypted form. 

8. The system of claim 7, wherein the computer is 
programmed for generating the key as a cryptographic hash 
function or message digest of the document. 3Q 

9. The system of claim 1, wherein the computer processor 
is further implemented for determining a stylus velocity 
associated with each line segment, and displaying the line 
segments at widths being proportional to the stylus velocity. 

10. The system of claim 1, wherein the computer proces- ^ 
sor is programmed for displaying the line segments at widths 
being proportional to the stylus pressure data. 

11. A system for managing handwritten signatures, com- 
prising: 

(a) a graphic tablet for signaling position coordinates of a 4Q 
stylus during manual movement thereof relative to a 
writing surface; 

(b) a clock circuit in the graphic tablet for periodically 
initiating position measurements by the graphic tablet 

at predetermined fixed time intervals; 45 

(c) a first computer processor electrically interfaced with 
the tablet, the processor being programmed for receiv- 
ing a multiplicity of the coordinates during the manual 
movement of the stylus, and storing respective sets of 
the coordinates in sequential order as an electronic 50 
signature while preserving a time relation between 
coordinates, the electronic signature forming a time 
history of the stylus movement; and 

(d) means for verifying the fixed time intervals of the 
measurements, comprising the computer being pro- 55 
grammed for determining a ratio of a total elapsed time 

of the measurements and a total number of the 
measurements, and comparing the ratio with the pre- 
determined interval. 

12. The system of claim 11, wherein the time intervals are 60 
not greater than 20 milliseconds. 

13. The system of claim 12, wherein the time intervals are 
between 2 milliseconds and 3 milliseconds. 

14. The system of claim 11, wherein the means for 
verifying the time intervals comprises: es 

(a) the clock circuit having a certified unalterable time 
interval; 
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(b) the tablet being implemented for transmitting an 
encoded certification stamp with the coordinate data; 
and 

(c) the computer being programmed for decoding the 
certification stamp to verify use of the certified time 
interval. 

15. The system of claim 11, wherein the first computer 
processor is a digital processor, and the electronic signature 
is a digital signature. 

16. The system of claim 11, wherein the computer is 
further programmed for encrypting the time history to a 
fixed key of arbitrary length, the stored electronic signature 
being in encrypted form. 

17. The system of claim 16, wherein the computer is 
programmed for generating the key as a cryptographic hash 
function or message digest of the document. 

18. A method for verifying the signature of an electroni- 
cally signed a document having associated therewith an 
electronic signature being a stored sequence of data corre- 
sponding to coordinates of stylus movement producing a 
first handwritten signature: 

(a) capturing a second electronic signature as a stored 
sequence of data corresponding to coordinates of stylus 
movement producing second handwritten signature; 

(b) simultaneously displaying in locational proximity 
graphic counterparts of the first and second electronic 
signatures; 

(c) displaying, for each of the graphic counterparts, a 
cursor being positioned along a line segment of the 
signature and oriented perpendicular to the line seg- 
ment; and 

(d) for each of the graphic counterparts, moving the cursor 
relative to the signature in response to operator input. 

19. The method of claim 18, comprising, for each of the 
graphic counterparts the further steps of: 

(a) determining at least one measurement parameter rela- 
tive to the fine segment at which the cursor is located; 
and 

(b) displaying a digital representation of the parameter. 

20. The method of claim 19, wherein the at least one 
measurement parameter is selected from the group consist- 
ing of a point number, a stroke number, an acceleration 
value, and a pressure value. 

21. A system for managing handwritten signatures, com- 
prising: 

(a) a graphic tablet for signaling position coordinates of a 
stylus during manual movement thereof relative to a 
writing surface; 

(b) a computer processor electrically interfaced with the 
tablet, the processor being programmed for receiving a 
multiplicity of the coordinates during the manual 
movement of the stylus, and storing respective sets of 
the coordinates in sequential order as an electronic 
signature while preserving a time relation between 
coordinates, the electronic signature forming a time 
history of the stylus movement; and 

(c) means for comparing the electronic signature with a 
reference signature, comprising the computer processor 
having a graphic display implemented for simulta- 
neously displaying the electronic signature and the 
reference signature with corresponding cursors being 
positioned along a line segment of the signature and 
oriented perpendicular to the line segment, and the 
computer being further implemented for moving the 
cursors in response to operator input. 
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22. The system of claim 21, wherein the electronic or message digest of a stored counterpart of the document, 
signature includes recorded stylus pressure data, the system producing counterparts of the signature and document 
further comprising means for varying a displayed line width receipts, and encapsulating the signature and document 
of each line segment of the electronic signature and the receipts in a digital signature, the method comprising the 
reference signature, the computer processor being further 5 further steps of: 

implemented for displaying the line segments of the elec- (a) transmiuill the di ilal si ture ^t^g lhe sig . 

tromc signature at widths being proportional to the stylus v ' * ~ * 4 f ^ L , 6 

e , , & r r J nature and document receipts to a signer of the docu- 
pressure data. 

23. The system of claim 21, the system further comprising men ' 

means for varying a displayed tine width of each line 10 (°) recalling the transmitted digital signature 

segment of the electronic signature and the reference (c) extracting the signature and document receipts from 

signature, the computer processor being further imple- the digital signature; 

mented for determining a stylus velocity associated with (d) KCOVering the electronic signature and a stored coun- 

each line segment of the electronic signature, and displaying n of {h& 

the line segments of the electronic signature at widths being 15 , , ' 

proportional to the stylus velocity. ( e ) gyrating new signature and document receipts from 

24. A system for managing handwritten signatures, com- ^ recovered electronic signature and the stored coun- 
prising: terpart of the document; and 

(a) a graphic tablet for signaling position coordinates of a (0 comparing the recovered signature and document 
stylus during manual movement thereof relative to a 20 receipts with the new signature and document receipts, 
writing surface; the document being authenticated when respective 

(b) a computer processor electrically interfaced with the ^^P 1 counterparts are matching. 

tablet, the processor being programmed for receiving a 27. The method system of claim 26, comprising the 

multiplicity of the coordinates during the manual further steps of identifying stored instances of the signature 

movement of the stylus, and storing respective sets of 25 encryption key and erasing each such instance, 

the coordinates in sequential order as an electronic 28. A method for authenticating a document having been 

signature while preserving a time relation between signed by a method comprising capturing a handwritten 

coordinates, the electronic signature forming a time signature as a sequence of data corresponding to coordinates 

history of the stylus movement, the computer processor of stylus movement producing the signature, storing the data 

having a graphic display implemented for displaying 30 as an electronic signature, creating a signature receipt as a 

the electronic signature as sequential line segments; cryptographic hash function or message digest of the elec- 

and tronic signature, creating a signature encryption key by 

(c) the computer processor being further implemented for generating a cryptographic hash function or message digest 
determining a stylus velocity associated with each line of a stored counterpart of the document, encrypting the 
segment, and displaying the line segments at widths electronic signature using the signature encryption key, 
being proportional to the stylus velocity. creating a document receipt as a cryptographic hash function 

25. A system for managing handwritten signatures, com- or message digest of a stored counterpart of the document, 
prising: and producing counterparts of the signature and document 

(a) a graphic tablet for signaling position coordinates and 40 receipts, the method comprising the further steps of: 
stylus pressure data of a stylus during manual move- (a) distributing plural counterparts of the signature and 
ment thereof relative to a writing surface; document receipts to signers of the document; 

(b) a computer processor electrically interfaced with the (b) recalling the distributed signature and document 
tablet, the processor being programmed for receiving a receipts; and 

multiplicity of the coordinates and the stylus pressure 45 (c) comparing the recalled signature receipts and the 

data during the manual movement of the stylus, and document receipts, the document being authenticated 

storing respective sets of the coordinates with the stylus when respective receipt counterparts are matching, 

pressure data in sequential order as an electronic 29. The method of claim 28, comprising the further step 

signature, the electronic signature forming a time his- 0 f encapsulating the signature and document receipts in a 

tory of the stylus movement and pressure, the computer 50 digital signature. 

processor having a graphic display implemented for 30. The method system of claim 28, comprising the 

displaying the electronic signature as sequential line further steps of identifying stored instances of the signature 

segments; and encryption key and erasing each such instance. 

(c) the computer processor being further implemented for 31. A method for authenticating a document having been 
displaying the line segments at widths being propor- 55 signed by a method comprising capturing a handwritten 
tional to the stylus pressure data. signature as a sequence of data corresponding to coordinates 

26. A method for authenticating a document having been of stylus movement producing the signature, storing the data 
signed by a method comprising capturing a handwritten as an electronic signature, creating a signature receipt as a 
signature as a sequence of data corresponding to coordinates cryptographic hash function or message digest of the elec- 
of stylus movement producing the signature, storing the data 60 tronic signature, creating a signature encryption key by 
as an electronic signature, creating a signature receipt as a generating a cryptographic hash function or message digest 
cryptographic hash function or message digest of the elec- of a stored counterpart of the document, encrypting the 
tronic signature, creating a signature encryption key by electronic signature using the signature encryption key, 
generating a cryptographic hash function or message digest creating a document receipt as a cryptographic hash function 
of a stored counterpart of the document, encrypting the 65 or message digest of a stored counterpart of the document, 
electronic signature using the signature encryption key, and producing counterparts of the signature and document 
creating a document receipt as a cryptographic hash function receipts, the method comprising the further steps of: 
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(a) deliveriag the signature and document receipts to a 
signer of the document; 

(b) recalling the signature and document receipts; 

(c) recovering the electronic signature and a stored coun- 
terpart of the document; 

(d) generating new signature and document receipts from 
the recovered electronic signature and the stored coun- 
terpart of the document; and 

(e) comparing the recalled signature and document 
receipts with the new signature and document receipts, 
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the document being authenticated when respective 
receipt counterparts are matching. 

32. The method of claim 31, comprising the further step 
of encapsulating the electronic signature in a digital signa- 
ture. 

33. The method system of claim 31, comprising the 
further steps of identifying stored instances of the signature 
encryption key and erasing each such instance. 

***** 
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